There's another clue in an Apple developer video, which explains that Private Relay uses 'Oblivious DoH' (ODoH.) This is a new DNS standard which encrypts requests to ensure that when you connect to Private Relay, the first server (the Ingress Proxy) can't see the website you're trying to access. This is the separation of knowledge which preserves your privacy: the Ingress Proxy knows a little about who you are (your IP address), but not what you're doing the Egress Proxy knows what you're doing, but nothing about who you are.Īlthough Apple didn't name the providers it's working with, there were some clues in its WWDC presentation (Image credit: Apple) The Egress Proxy then decrypts your request, to find out which website you're visiting. This second server is run by an independent content provider, not Apple and likely to be a partnering CDN provider, ensuring it has no way to figure out who makes any particular request.
![safari encrypted connection turn off safari encrypted connection turn off](https://cdn.osxdaily.com/wp-content/uploads/2020/09/fix-safari-connection-is-not-private-4.jpg)
The Ingress Proxy now makes an encrypted connection to the Egress Proxy, passing it your request.
![safari encrypted connection turn off safari encrypted connection turn off](https://ugetfix.com/wp-content/uploads/articles/askit/configure-ipv6-to-fix-safari_en.jpg)
(You can alternatively tell Private Relay to choose an IP from your country and time zone, giving it a much wider pool of IPs to choose from.) If you've a Staten Island IP address, for instance, it might simply use 'New York. You could still be identified by your IP address, so the Ingress Proxy replaces it with an approximate geographical location. This is how Private Relay uses multiple proxies to conceal your true IP address (Image credit: Apple)